General

What are bitcoins?

Bitcoins are the unit of currency of the Bitcoin system. A commonly used shorthand for this is “BTC” to refer to a price or amount (eg: “100 BTC”).
There are such things as physical bitcoins, but ultimately, a bitcoin is just a number associated with a Bitcoin Address. A physical bitcoin is simply an object, such as a coin, with the number carefully embedded inside. See also an easy intro to bitcoin.

How can I get Bitcoins?

There are a variety of ways to acquire Bitcoins:

Accept Bitcoins as payment for goods or services.

There are several services where you can trade them for traditional currency.

Find a local trader on tradebitcoin (or somewhere else) and trade with him in cash.

Does Bitcoin guarantee an influx of free money?

Since Bitcoin is a new technology, what it is and how it works may be initially unclear. Bitcoin is sometimes presented as being one of three things:

A) Some sort of online 'get-rich-quick' scam.

B) A loophole in the market economy, the installation of which guarantees a steady influx of cash.

C) A sure investment that will almost certainly yield a profit.

In fact, none of the above are true. Let's look at them independently.

Is Bitcoin a 'get-rich-quick' scheme?

If you've spent much time on the internet, you've probably seen many 'get-rich-quick' plans advertised on sites such as craigslist. These ads usually promise huge profits for a small amounts of easy work. Such schemes are usually pyramid- and matrix-style schemes that make money from their own employees and offer nothing of any real value. Most convince one to buy packages that will make them earn hundreds a day, which in fact have the buyer distribute more such ads, and make minute profits.

Bitcoin is in no way similar to these sorts of scams. Bitcoin doesn't promise windfall profits, and there is no way for the developers to make money from your involvement, or to take money from you. That the Bitcoin is nearly impossible to acquire without the owner's consent represents one of its greatest strengths. Bitcoin is an experimental, virtual currency; none of its developers expect to get rich off of it.

Most people who use Bitcoin don't earn anything by doing so, and the default client has no built-in way to earn Bitcoins. A small minority of people with dedicated, high-performance hardware do earn some Bitcoins. by mining with special software, but joining Bitcoin shouldn't be construed as being the road to riches. Most Bitcoin users get involved because they the find the project conceptually interesting, and don't earn anything by doing so. This is also why you won't find much speculation about the political or economic repercussions of Bitcoin anywhere on this site: Bitcoin developers owe their dedication to the project's intellectual yieldings than more than to those of a monetary nature. Bitcoin is still taking its first baby steps; it may go on to do great things, but right now it only has something to offer

As an investment, is the Bitcoin a sure thing?

Bitcoin represents a brand new and risky concept, the value of which is not backed by any formal entity. As a young and unestablished currency, it is only worth something because people are willing to trade it for goods and services. A quick glance at the Mt. Gox exchange reveals that the Bitcoin's worth still fluctuates often, and wildly; it lacks wide acceptance and is still vulnerable to a small-disturbances. Hacked accounts can still trigger major sell-offs, and fluctuations can transform into positive feedback loops that destabilize the entire network. Anyone who puts money into Bitcoin runs the severe risk of losing all of it. As Bitcoin becomes better known and more widely accepted, it should stabilize, but right now, and for some time to come, it will remain unpredictable. Any investment in Bitcoin represents a highly insecure strategy.

It is people who take risks, and trade things with intrinsic value for Bitcoins, who give it value. For Bitcoin to become an accepted currency, users will have to go out on limbs, and be prepared to take smalls losses. However, Bitcoin is far from stable and probably will not be anytime in the near future, and no one should invest in it funds they cannot afford to lose. Ultimately, Bitcoin is a currency, and is intended for trade, not investment.

Can I buy Bitcoins with Paypal?

It is possible to buy physical Bitcoins with PayPal. It is much more difficult to buy digital Bitcoins with PayPal, because of the chargeback risk to the seller. Sales of physical goods present a lower risk than sales of digital ones.

While it's possible to find an individual who wishes to sell Bitcoin to you via Paypal, (perhaps via #bitcoin-otc ) most major exchanges do not allow funding through Paypal. This is due to repeated cases where someone pays for Bitcoins with Paypal, receives their Bitcoins, and then fraudulently complains to Paypal that they never received their goods. Paypal too often sides with the fraudulent buyer in this case, and so exchangers no longer allow this method of funding.

Buying Bitcoins from individuals with this method is still possible, but requires mutual trust. In this case, Bitcoin seller beware.

Where can I find a forum of Bitcoin users?

There is no longer an "official" forum for Bitcoin. The [Portal] includes links to some forums.

How are new Bitcoins created?

New coins are generated by a network node each time it finds the solution to a certain mathematical problem (i.e. creates a new block), which is difficult to perform and can demonstrate a proof of work. The reward for solving a block is automatically adjusted so that in the first 4 years of the Bitcoin network, 10,500,000 BTC will be created. The amount is halved each 4 years, so it will be 5,250,000 over years 4-8, 2,625,000 over years 8-12 and so on. Thus the total number of bitcoins in existence will not exceed 21,000,000. See Controlled Currency Supply.

Blocks are generated every 10 minutes, on average. As the number of people who attempt to generate these new coins changes, the difficulty of creating new coins changes. This happens in a manner that is agreed upon in advance by the network as a whole, based upon the time taken to generate the previous 2016 blocks. The difficulty is therefore related to the average computing resources devoted to generate these new coins over the time it took to create these previous blocks. The likelihood of somebody creating a block is based on the calculation speed of the system that they are using compared to the aggregate calculation speed of all the other systems generating blocks on the network. See Mining.

What's the current total number of Bitcoins in existence?

The number of blocks times the coin value of a block is the number of coins in existence. The coin value of a block is 50 BTC for each of the first 210,000 blocks, 25 BTC for the next 210,000 blocks, then 12.5 BTC, 6.25 BTC and so on.

How divisible are Bitcoins?

Technically, a Bitcoin can be divided down to 8 decimals using existing data structures, so 0.00000001 BTC is the smallest amount currently possible. Discussions about and ideas for ways to provide for even smaller quantities of Bitcoins may be created in the future if the need for them ever arises.

What do I call the various denominations of Bitcoins?

There is a lot of discussion about the naming of these fractions of Bitcoins. The leading candidates are:

The above follows the accepted international SI units for thousandths, millionths and billionths. There are many arguments against the special case of 0.01 BTC since it is unlikely to represent anything meaningful as the Bitcoin economy grows (it certainly won't be the equivalent of 0.01 USD, GBP or EUR). Equally, the inclusion of existing national currency denominations such as "cent", "nickel", "dime", "pence", "pound", "kopek" and so on are to be discouraged. This is a worldwide currency.

One exception is the "satoshi" which is smallest denomination currently possible

0.000 000 01 BTC = 1 Satoshi (pronounced sa-toh-shee)

which is so named in honour of Satoshi Nakamoto the pseudonym of the inventor of Bitcoin.

For an overview of all defined units of Bitcoin (including less common and niche units), see Units.

How does the halving work when the number gets really small?

The reward will go from 0.00000001 BTC to 0. Then no more coins will likely be created.

The calculation is done as a right bitwise shift of a 64-bit signed integer, which means it is divided by 2 and rounded down. The integer is equal to the value in BTC * 100,000,000. This is how all Bitcoin balances/values are stored internally.

Keep in mind that using current rules this will take nearly 100 years before it becomes an issue and Bitcoins may change considerably before that happens.

How long will it take to generate all the coins?

The last block that will generate coins will be block #6,929,999. This should be generated around year 2140. Then the total number of coins in circulation will remain static at 20,999,999.9769 BTC.

Even if the allowed precision is expanded from the current 8 decimals, the total BTC in circulation will always be slightly below 21 million (assuming everything else stays the same). For example, with 16 decimals of precision, the end total would be 20999999.999999999496 BTC.

If no more coins are going to be generated, will more blocks be created?

Absolutely! Even before the creation of coins ends, the use of transaction fees will likely make creating new blocks more valuable from the fees than the new coins being created. When coin generation ends, what will sustain the ability to use bitcoins will be these fees entirely. There will be blocks generated after block #6,929,999.

But if no more coins are generated, what happens when Bitcoins are lost? Won't that be a problem?

Because of the law of supply and demand, when fewer bitcoins are available the ones that are left will be in higher demand, and therefore will have a higher value. So, as Bitcoins are lost, the remaining bitcoins will eventually increase in value to compensate. As the value of a bitcoin increases, the number of bitcoins required to purchase an item decreases. This is a deflationary economic model. As the average transaction size reduces, transactions will probably be denominated in sub-units of a bitcoin such as millibitcoins ("Millies") or microbitcoins ("Mikes").

The Bitcoin protocol uses a base unit of one hundred-millionth of a Bitcoin ("a Satoshi"), but unused bits are available in the protocol fields that could be used to denote even smaller subdivisions.

If every transaction is broadcast via the network, does Bitcoin scale?

The Bitcoin protocol allows lightweight clients that can use Bitcoin without downloading the entire transaction history. As traffic grows and this becomes more critical, implementations of the concept will be developed. Full network nodes will at some point become a more specialized service.

With some modifications to the software, full Bitcoin nodes could easily keep up with both VISA and MasterCard combined, using only fairly modest hardware (a couple of racks of machines using todays hardware). It's worth noting that the MasterCard network is structured somewhat like Bitcoin itself - as a peer to peer broadcast network.

Where does the value of Bitcoin stem from? What backs up Bitcoin?

When we say that a currency is backed up by gold, we mean that there's a promise in place that you can exchange the currency for gold. Bitcoins, like dollars and euros, are not backed up by anything except the variety of merchants that accept them.

It's a common misconception that Bitcoins gain their value from the cost of electricity required to generate them. Cost doesn't equal value – hiring 1,000 men to shovel a big hole in the ground may be costly, but not valuable. Also, even though scarcity is a critical requirement for a useful currency, it alone doesn't make anything valuable. For example, your fingerprints are scarce, but that doesn't mean they have any exchange value.

Is Bitcoin a bubble?

Yes, in the same way as the euro and dollar are. They only have value in exchange and have no inherent value. If everyone suddenly stopped accepting your dollars, euros or bitcoins, the "bubble" would burst and their value would drop to zero. But that is unlikely to happen: even in Somalia, where the government collapsed 20 years ago, Somali shillings are still accepted as payment.

Is Bitcoin a Ponzi scheme?

In a Ponzi Scheme, the founders persuade investors that they’ll profit. Bitcoin does not make such a guarantee. There is no central entity, just individuals building an economy.

A ponzi scheme is a zero sum game. Early adopters can only profit at the expense of late adopters. Bitcoin has possible win-win outcomes. Early adopters profit from the rise in value. Late adopters, and indeed, society as a whole, benefit from the usefulness of a stable, fast, inexpensive, and widely accepted p2p currency.

The fact that early adopters benefit more doesn't alone make anything a Ponzi scheme. All good investments in successful companies have this quality.

Doesn't Bitcoin unfairly benefit early adopters?

Early adopters have a large number of bitcoins now because they took a risk and invested resources in an unproven technology. By so doing, they have helped Bitcoin become what it is now and what it will be in the future (hopefully, a ubiquitous decentralized digital currency). It is only fair they will reap the benefits of their successful investment.

In any case, any bitcoin generated will probably change hands dozens of time as a medium of exchange, so the profit made from the initial distribution will be insignificant compared to the total commerce enabled by Bitcoin.

Since the pricing of Bitcoins has fallen greatly from its June 2011 peak, prices today are much more similar to those enjoyed by many early adopters. Those who are buying Bitcoins today likely believe that Bitcoin will grow significantly in the future. Setting aside the brief opportunity to have sold Bitcoins at the June 2011 peak enjoyed by few, the early-adopter window is arguably still open.

Worries about Bitcoin being destroyed by deflation are not entirely unfounded. Unlike most currencies, which experience inflation their as founding institutions create more and more units, Bitcoin will likely experience gradual deflation with the passage of time. Bitcoin is unique in that only a small amount of units will ever be produced (twenty-one million to be exact), this number has been known since the projects inception, and the units are create at a predicable rate.

Also, Bitcoin users are faced with a danger that doesn't threaten users of any other currency: if a Bitcoin user loses his wallet, his money is gone forever, unless he finds it again. And not just to him; its gone completely out of circulation, render utterly inaccessible to anyone. As people will lose their wallets, the total number of Bitcoins will slowly decrease.

Therefore, Bitcoin seems to be faced with a unique problem. Whereas most currencies inflate over time, Bitcoin will mostly likely do the just the opposite. Time will see the irretrievable loss of an ever-increasing number of Bitcoins. An already small number will be permanently whittled down further and further. And as there become fewer and fewer Bitcoins, the laws of supply and demand suggest that their value will probably continually rise.

Thus Bitcoin is bound to once again stray into mysterious territory, because no one exactly knows what happens to a currency that grows continually more valuable. Economists generally agree that a low level of inflation is a good thing for a currency, but nobody is quite sure about what might happens to one that continually deflates. Although deflation could hardly be called a rare phenomenon, steady, constant deflation is unheard of. There may be a lot of speculation, no one has any hard data to back up their claims.

That being said, there is a mechanism in place to combat the obvious consequences. Extreme deflation would render most currencies highly impractical: if a single Canadian dollar could suddenly buy the holder a car, how would one go about buying bread or candy? Even pennies would fetch more than a person could carry. Bitcoin, however, offers a simple and stylish solution: infinite divisibility. Bitcoins can be divided up and trade into as small of pieces as one wants, so no matter how valuable Bitcoins become, one can trade them in practical quantities.

In fact, infinite divisibility should allow Bitcoins to function in cases of extreme wallet loss. Even if, in the far future, so many people have lost their wallets that only a single Bitcoin, or a fraction of one, remains, Bitcoin should continue to function just fine. No one can claim to be sure what is going to happen, but deflation may prove to present a smaller threat than many expect.

What if someone bought up all the existing Bitcoins?

Bitcoin markets are competitive -- meaning the price of a bitcoin will rise or fall depending on supply and demand at certain price levels. Only a fraction of bitcoins issued are put on the markets for sale. So even though technically a buyer with lots of money could buy all the bitcoins offered for sale, unless the rest of the bitcoins are offered for sale, the wealthiest, most determined buyer can't have them.

Additionally, the currency continues to be issued and will continue to do so for decades though over time the rate at which they are issued declines to insignificant levels. Those who are mining aren't obligated to sell their bitcoins so not all bitcoins even make it to the markets.

This situation doesn't suggest, however, that the markets aren't vulnerable to price manipulation. It doesn't take significant amounts of money to move the market price up or down and thus Bitcoin remains a volatile asset.

What if someone creates a new block chain, or a new digital currency that renders Bitcoin obsolete?

That the block chain cannot be easily forced represents one of the central security mechanisms of Bitcoin. Given the choice between two blocks chains, Bitcoin miner always chooses the longer one -that is to say, the one with the more complex hash. Thusly, it ensures that each user can only spend their Bitcoins once, and that no user gets ripped off.

As a consequence of the block chain, there may at any time be many different sub-branches, and the possibility always exists of a transaction being over-written by the longest branch, if it has been recorded in a shorter one. The older a transaction is though, the lower its chances of being over-written, and the higher of becoming permanent. Although the block chain prevents one from spending more Bitcoins than he has, it means that transactions can be accidentally nullified.

A new block chain would leave the network vulnerable to double-spend attacks. However, the creation of a viable new chain presents considerable difficulty, and the possibility does not present much of a risk.

Bitcoin will always choose the longer Block Chain and determines the relative length of two branches by the complexities of their hashes. Since the hash of each new block is made from that of the block preceding it, to create a block with a more complex hash, one must be prepared to do more computation than has been done by the entire Bitcoin network up to that point. Needless to say, such an undertaking would require an incredible amount of processing power and since Bitcoin is continually growing and expanding, it will only require exponentially more with the passage of time.

A much more distinct and real threat to the Bitcoin use is the development of other, superior virtual currencies, which could supplant Bitcoin and render it obsolete and valueless.

A great deal of careful thought and ingenuity has gone into the development of Bitcoin, but it is the first of its breed, a prototype, and vulnerable to more highly-evolved competitors. At present, any threatening rivals have yet to rear its head; Bitcoin remains the first and foremost private virtual currency, but we can offer no guarantees that it will retain that position. It would certainly be in keeping with internet history for similar system built from the same principles to supersede and cast Bitcoin into obsolescence, after time had revealed its major shortcomings. Friendster and Myspace suffered similar fates at the hand of Facebook, Napster was ousted by Limeware, Bearshare and torrent applications, and Skype has all but crushed the last few disciples of the Microsoft Messenger army.

This may sound rather foreboding, so bear in mind that introduction of new and possibly better virtual currencies will not necessarily herald Bitcoin's demise. If Bitcoin establishes itself sufficiently firmly before the inception of the next generation of private, online currencies as to gain widespread acceptance and general stability, future currencies may pose little threat even if they can claim superior design.

Sending and Receiving Payments

Why do I have to wait 10 minutes before I can spend money I received?

10 minutes is the average time taken to find a block. It can be significantly more or less time than that depending on luck; 10 minutes is simply the average case.

You can see how long all other recent transactions have taken here: BitcoinStats.org.

Blocks (shown as "confirmations" in the GUI) are how the Bitcoin achieves consensus on who owns what. Once a block is found everyone agrees that you now own those coins, so you can spend them again. Until then it's possible that some network nodes believe otherwise, if somebody is attempting to defraud the system by reversing a transaction. The more confirmations a transaction has, the less risk there is of a reversal. Only 6 blocks or 1 hour is enough to make reversal computationally impractical. This is dramatically better than credit cards which can see chargebacks occur up to three months after the original transaction!

Ten minutes was specifically chosen by Satoshi as a tradeoff between propagation time of new blocks in large networks and the amount of work wasted due to chain splits. For a more technical explanation, see Satoshi's original technical paper.

Do you have to wait 10 minutes in order to buy or sell things with Bitcoin?

No, it's reasonable to sell things without waiting for a confirmation as long as the transaction is not of high value. When people ask this question they are usually thinking about applications like supermarkets or snack machines. For a complete answer, see the wiki article here.

I was sent some bitcoins and they haven't arrived yet! Where are they?

Don't panic! There are a number of reasons why your bitcoins might not show up yet, and a number of ways to diagnose them.

The latest version of the Bitcoin-Qt client will tell you how far it has to go yet in downloading the blockchain. Hover over the icon in the bottom right corner of the client to learn your client's status.

If it has not caught up then it's possible that your transaction hasn't been included in a block yet.

You can check pending transactions in the network by going here and then searching for your address. If the transaction is listed here then it's a matter of waiting until it gets included in a block before it will show in your client.

Bear in mind that if the transaction is based on a coin that was in a recent transaction then it could be considered a low priority transaction take longer to transfer if the transaction fee paid isn't high enough. Very low priority transactions with 0 fees might take hours or days to be included in a block.

Why does my Bitcoin address keep changing?

Whenever the address listed in "Your address" receives a transaction, Bitcoin replaces it with a new address. This is meant to encourage you to use a new address for every transaction, which enhances anonymity. All of your old addresses are still usable: you can see them in Settings -> Your Receiving Addresses.

How much will the transaction fee be?

Some transactions might require a transaction fee for them to get confirmed in a timely manner. The transaction fee is processed by and received by the bitcoin miner. The most recent version of the Bitcoin client will estimate an appropriate fee when a fee might be required.

The fee is added to the payment amount. For example, if you are sending a 1.234 BTC payment and the client requires a 0.0005 BTC fee, then 1.2345 BTC will be subtracted from the wallet balance for the entire transaction and the address for where the payment was sent will receive a payment of 1.234 BTC.

In cases where a fee is required it is required because your transaction objectively looks like a denial of service attack to the bitcoin system, either due to it being burdensome to transmit or it recycles bitcoins you recently received. The wallet software attempts to avoid generating burdensome transactions, but it isn't always able if the funds in your wallet are new or are composed of many very tiny payments.

Because the fee is related to the amount of data that makes up the transaction and not to the amount of bitcoins being sent, the fee may seem extremely low (0.0005 BTC for a 1,000 BTC transfer) or unfairly high (0.004 BTC for a 0.02 BTC payment, or about 20%). If you are receiving tiny amounts (e.g., as small payments from a mining pool) then fees when sending will be higher than if your activity follows a more normal consumer or business transaction pattern. As of bitcoin 0.5.3 the required fee it will ask for will not be higher that 0.05 BTC, though for most users there is usually no required fee at all and 0.0005 is the most common when one is required.

What happens when someone sends me a bitcoin but my computer is powered off?

Bitcoins aren't actually "sent" to your wallet, the software only uses that term so that we can use the currency without having to learn new concepts. Your wallet is only needed when you wish to spend coins that you've received.

The coins that were sent to you when the client was not running will later appear as if they were received in your wallet when you later launch the client. It will download blocks and catch up with any transactions it didn't already have.

How long does "synchronizing" take when the bitcoin client is first installed? What is it doing?

The popular bitcoin client software from bitcoin.org implements a "full" bitcoin node: It can carry out all the duties of the bitcoin P2P system, it isn't simply a "client". One of the principles behind the operation of full bitcoin nodes is that they don't trust that the other participants have followed the rules of the bitcoin system. During synchronization the software is processing historical bitcoin transactions and making sure for itself that all of the rules of the system have been correctly followed.

In normal operation after synchronizing the software should use a hardly noticeable amount of IO, CPU, or network capacity.

The initial validation is very disk IO intensive so the amount of time to synchronize depend on your disk speed and, to a lesser extent, your cpu speed. It can take anywhere from a few hours to a day or so. You can use the software while this process is going on, but you may not see recent payments to you until the synchronization has caught up to the point where those transactions happened.

If this is too long for you, you can download a pre-synchronized blockchain from http://eu1.bitcoincharts.com/blockchain/. Alternatively, you can try an alternative "lite" client such as Multibit or a super-light client like electrum though these clients have somewhat weaker security, are less mature, and don't contribute to the health of the P2P network.

Networking

Do I need to configure my firewall to run bitcoin?

Bitcoin will connect to other nodes, usually on tcp port 8333. You will need to allow outgoing TCP connections to port 8333 if you want to allow your bitcoin client to connect to many nodes. Bitcoin will also try to connect to IRC (tcp port 6667) to meet other nodes to connect to. Testnet uses tcp port 18333 instead of 8333.

If you want to restrict your firewall rules to a few ips and/or don't want to allow IRC connection, you can find stable nodes in the fallback nodes list. If your provider blocks the common IRC ports, note that lfnet also listens on port 7777. Connecting to this alternate port currently requires either recompiling Bitcoin, or changing routing rules. For example, on Linux you can evade a port 6667 block by doing something like this:

How does the peer finding mechanism work?

Bitcoin finds peers primarily by connecting to an IRC server (channel #bitcoin on irc.lfnet.org). If a connection to the IRC server cannot be established (like when connecting through TOR), an in-built node list will be used and the nodes will be queried for more node addresses.

Mining

What is mining?

Mining is the process of spending computation power to find valid blocks and thus create new Bitcoins.

Technically speaking, mining is the calculation of a hash of the a block header, which includes among other things a reference to the previous block, a hash of a set of transactions and a nonce. If the hash value is found to be less than the current target (which is inversely proportional to the difficulty), a new block is formed and the miner gets the newly generated Bitcoins (50 per block at current levels). If the hash is not less than the current target, a new nonce is tried, and a new hash is calculated. This is done millions of times per second by each miner.

Why was the "Generate coin" option of the client software removed?

In the early days of Bitcoin, it was easy for anyone to find new blocks using standard CPUs. As more and more people started mining, the difficulty of finding new blocks has greatly increased to the point where the average time for a CPU to find a single block can be many years. The only cost-effective method of mining is using a high-end graphics card with special software (see also Why a GPU mines faster than a CPU) and/or joining a mining pool. Since solo CPU mining is essentially useless, it was removed from the GUI of the Bitcoin software.

Is mining used for some useful computation?

The computations done when mining are internal to Bitcoin and not related to any other distributed computing projects. They serve the purpose of securing the Bitcoin network, which is useful.

Is it not a waste of energy?

Spending energy on creating and securing a free monetary system is hardly a waste. Also, services necessary for the operation of currently widespread monetary systems, such as banks and credit card companies, also spend energy, arguably more than Bitcoin would.

Why don't we use calculations that are also useful for some other purpose?

To provide security for the Bitcoin network, the calculations involved need to have some very specific features. These features are incompatible with leveraging the computation for other purposes.

How does the proof-of-work system help secure Bitcoin?

The work performed by a miner consists of repeatedly increasing "nonce" until
the hash function yields a value, that has the rare property of being below a certain
target threshold. (In other words: The hash "starts with a certain number of zeroes",
if you display it in the fixed-length representation, that is typically used.)

As can be seen, the mining process doesn't compute anything special. It merely
tries to find a number (also referred to as nonce) which - in combination with the payload -
results in a hash with special properties.

The advantage of using such a mechanism consists of the fact, that it is very easy to check a result: Given
the payload and a specific nonce, only a single call of the hashing function
is needed to verify that the hash has the required properties. Since there is no
known way to find these hashes other than brute force, this can be used as a "proof of work"
that someone invested a lot of computing power to find the correct nonce for this payload.

This feature is then used in the Bitcoin network to secure various aspects. An attacker
that wants to introduce malicious payload data into the network, will need to do the
required proof of work before it will be accepted. And as long as honest miners have more
computing power, they can always outpace an attacker.

Security

Could miners collude to give themselves money or to fundamentally change the nature of Bitcoin?

There are two questions in here. Let's look at them separately.

Could miners gang up and give themselves money?

Mining itself is the process of creating new blocks in the block chain. Each block contains a list of all the transactions that have taken place across the entire Bitcoin network since the last block was created, as well as a hash of the previous block. New blocks are 'mined', or rather, generated, by Bitcoin clients correctly guessing sequences of characters in codes called 'hashes,' which are created using information from previous blocks. Bitcoin users may download specialized 'mining' software, which allows them to dedicate some amount of their processing power – however large or small – to guessing at strings within the hash of the previous block. Whoever makes the right guess first, thus creating a new block, receives a reward in Bitcoins.

The block chain is one of the two structures that makes Bitcoin secure, the other being the public-key encryption system on which Bitcoin trade is based. The block chain assures that not only is every single transaction that ever takes place recorded, but that every single transaction is recorded on the computer of anyone who chooses to store the relevant information. Many, many users have complete records of every transaction in Bitcoins history readily available to them at any point, and anyone who wants in the information can obtain it with ease. These things make Bitcoin very hard to fool.

The Bitcoin network takes considerable processing power to run, and since those with the most processing power can make the most guesses, those who put the most power toward to sustaining the network earn the most currency. Each correct guess yields, at present, fifty Bitcoins, and as Bitcoins are presently worth something (although the value still fluctuates) every miner who earns any number of Bitcoins makes money. Some miners pull in Bitcoins on their own; and some also join or form pools wherein all who contribute earn a share of the profits.

Therefore, first answer is a vehement “yes” – no only can miners collude to get more money, Bitcoin is designed to encourage them to do so. Bitcoin pools are communal affairs, and there is nothing dishonest or underhanded about them.

Of course, the real question is:

Can they do so in ways not sanction by Bitcoin developers? Is there any way to rip off the network and make loads of money dishonestly?

Bitcoin isn't infallible. It can be cheated. But doing so is extremely difficult. Bitcoin was designed to evade some of the central problems with modern currencies – namely, that their trustworthiness hinges upon that of people who might not have user's best interests in mind. Every currency in the world (other than Bitcoin) is controlled by large institutions who keep track of what's done with done with it, and who can manipulate it's value. And every other currency has value because people trust the institutions that control them.

Bitcoin doesn't ask that it users trust any institution. Its security is based on the cryptography that is an integral part of its structure, and that is readily available for any and all to see. Instead of one entity keeping track of transactions, the entire network does, so Bitcoins are astoundingly difficult to steal, or double-spend. Bitcoins are created in a regular and predictable fashion, and by many different users, so no one can decide to make a whole lot more and lessen their value. In short, Bitcoin is designed to be inflation-proof, double-spend-proof and completely distributed.

Nonetheless, there are a few ways that one can acquire Bitcoins dishonestly. Firstly, one can steal private keys. Key theft isn't something that Bitcoin security has been designed to prevent: it's up to users to keep their's safe. But the cryptography is designed so that it is completely impossible to deduce someone's private from their public one. So long as you keep your private key to yourself, you don't have much to worry about. Furthermore, one could theoretically create a new block chain, but due to the way in which the block chain is constructed, this would be extremely difficult and require massive amounts of processing power. A full explanation of the difficulties involved can be found in the block chain article.

Bitcoin can be ripped off – but doing so would be extremely hard and require considerable expertise and a staggering amount of processing power. And it's only going to get harder with the passage of time. Bitcoin is isn't impenetrable, but it's close enough to put any real worries in the peripherals.

Could miners fundamentally change the nature of Bitcoin?

Once again, almost certainly not.

Bitcoin is a distributed network, so any changes implemented to the system must be accepted by all users. Someone trying to change the way Bitcoins are generated would have to convince every user to download and use their software – so the only changes that would go through are those that would be equally benefit all users.

And thus, it is more or less impossible for any person to change the function of Bitcoin to their advantage. If users don't like the changes, they won't take, and if uses do like them, then they'll help everyone equally. Of course, one can conceive of a situation where someone manages to get a change pushed through that provides them with an advantage that no one notices, but given that Bitcoin is structurally relatively simple, it is unlikely that any major changes will go through without someone noticing first.

The fact that such changes are so difficult to make testifies to the fully distributed nature of Bitcoin. Any centrally-controlled currency can be modified by its central agency without the consent of its adherents. Bitcoin has no central authority, so it changes only at the behest of the whole community. Bitcoins development represents a kind of collective evolution; the first of its kind among currencies.